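#!/bin/bash
# Usage: ./check_tls_ssl.sh <domain or IP> <port>
#
# Audits a TLS endpoint's configuration with the local `openssl s_client`:
#   1. which SSL/TLS protocol versions complete a handshake, and
#   2. which cipher suites are accepted for TLS 1.2 and TLS 1.3.
#
# Reading the results:
#   - Every answer is limited by what the LOCAL openssl can offer. A build
#     without SSLv2/SSLv3, or a system policy that disables old protocols or
#     weak ciphers, makes the probe fail on the client side. Those cases say
#     nothing about the server, so protocols the local binary cannot offer
#     are reported as untestable rather than "not supported".
#   - A "not supported" line can still come from local policy, a network
#     error, or a server that needs SNI or a client certificate. Confirm
#     findings that matter with a second tool or a second client build.

DOMAIN=$1
PORT=$2

# Check if domain and port are provided
if [ -z "$DOMAIN" ] || [ -z "$PORT" ]; then
  echo "Usage: $0 <domain or IP> <port>"
  exit 1
fi

if ! command -v openssl >/dev/null 2>&1; then
  echo "openssl not found in PATH" >&2
  exit 1
fi

# List of all SSL/TLS versions to check
VERSIONS=("ssl2" "ssl3" "tls1" "tls1_1" "tls1_2" "tls1_3")

# List of TLS versions for cipher checking
CIPHER_VERSIONS=("tls1_2" "tls1_3")

SEPARATOR="---------------------------------------------------------------"

# Bound every probe when coreutils `timeout` is available: the cipher loop
# makes one connection per candidate, so a filtered port or a slow server
# would otherwise stall the whole run.
PROBE=(openssl s_client)
HAVE_TIMEOUT=0
if command -v timeout >/dev/null 2>&1; then
  PROBE=(timeout 10 openssl s_client)
  HAVE_TIMEOUT=1
fi

# Option list of the local s_client, used to tell "this binary cannot offer
# protocol X" apart from "the server refused protocol X".
S_CLIENT_HELP=$(openssl s_client -help 2>&1)

echo "Checking support for all SSL/TLS versions on $DOMAIN:$PORT"
echo "$SEPARATOR"

# Check support for each SSL/TLS version
for VERSION in "${VERSIONS[@]}"; do
  echo "Checking $VERSION..."

  # Only trust the help text if it looks like an option list at all
  # (it mentions -connect); otherwise fall through and just try the probe.
  if grep -q -- '-connect' <<<"$S_CLIENT_HELP" &&
    ! grep -Eq -- "(^|[[:space:]])-${VERSION}([[:space:]]|\$)" <<<"$S_CLIENT_HELP"; then
    echo "$VERSION cannot be tested: the local openssl has no -$VERSION option."
    continue
  fi

  "${PROBE[@]}" -connect "$DOMAIN:$PORT" "-$VERSION" </dev/null >/dev/null 2>&1
  STATUS=$?

  if [ "$STATUS" -eq 0 ]; then
    echo "$VERSION is supported."
  elif [ "$HAVE_TIMEOUT" -eq 1 ] && [ "$STATUS" -eq 124 ]; then
    # 124 is the exit status `timeout` uses when it had to stop the command.
    echo "$VERSION check timed out; result unknown."
  else
    echo "$VERSION is not supported."
  fi
done

echo "$SEPARATOR"

# Get list of all possible ciphers known to the local openssl
IFS=: read -r -a CIPHERS <<<"$(openssl ciphers 'ALL:COMPLEMENTOFALL')"

# Check supported ciphers only for TLS 1.2 and TLS 1.3
for VERSION in "${CIPHER_VERSIONS[@]}"; do
  echo "Checking supported cipher suites for $VERSION..."
  SUPPORTED_CIPHERS=()
  TESTED=0

  for CIPHER in "${CIPHERS[@]}"; do
    # TLS 1.3 suites (named TLS_* by OpenSSL) are selected with
    # -ciphersuites; -cipher only governs TLS 1.2 and below. Passing a
    # TLS 1.3 name to -cipher never matches, so without this split the
    # TLS 1.3 section would always come back empty.
    case "$VERSION:$CIPHER" in
      tls1_3:TLS_*) CIPHER_OPT="-ciphersuites" ;;
      tls1_3:*) continue ;;
      *:TLS_*) continue ;;
      *) CIPHER_OPT="-cipher" ;;
    esac
    TESTED=$((TESTED + 1))

    # stdin is /dev/null so s_client exits once the handshake summary has
    # been printed, instead of holding the connection open until the server
    # closes it.
    RESULT=$("${PROBE[@]}" "$CIPHER_OPT" "$CIPHER" -connect "$DOMAIN:$PORT" \
      "-$VERSION" </dev/null 2>/dev/null)

    # Check if the handshake was successful by looking for 'Cipher is' in the output
    if [[ "$RESULT" == *"Cipher is $CIPHER"* ]]; then
      SUPPORTED_CIPHERS+=("$CIPHER")
    fi
  done

  # Output supported ciphers for the version
  if [ "${#SUPPORTED_CIPHERS[@]}" -gt 0 ]; then
    echo "Supported cipher suites for $VERSION:"
    for CIPHER in "${SUPPORTED_CIPHERS[@]}"; do
      echo " - $CIPHER"
    done
  elif [ "$TESTED" -eq 0 ]; then
    # Nothing was offered, so this is a limit of the local openssl, not a
    # statement about the server.
    echo "No cipher suites could be tested for $VERSION with the local openssl."
  else
    echo "No supported cipher suites found for $VERSION."
  fi
  echo "$SEPARATOR"
done

echo "SSL/TLS version and cipher suite check completed."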